Application security, Malware, Vulnerability Management

Phishing scams, malicious attachments top, threat report reveals

Hackers went old school during the first half of 2015, resurrecting the use of malicious attachments and also began targeting businesses with a new stream of phishing attacks, according to Proofpoint's first half threat report.

Proofpoint researchers said that malicious attachments have become the go-to method for hackers as they pulled away from the URL-based campaigns that were preferred in 2014. The majority of the messages were mainly Microsoft Word documents bearing malicious macros delivered by the Dridex botnet.

"In 2015, at times the volume of emails with malicious attachments has ranged as high as 4x-5x emails with malicious URLs, while overall malicious email has periodically spiked as high as 30-40 percent of all unsolicited email,” said Kevin Epstein, Proofpoint's vice president  of threat operations, in an email to today.

While Proofpoint thought it was odd that criminals opted for an older form of attack, the report pointed out several strong reasons they made the switch. Primarily, malicious attachments avoid traditional defenses, are cheap to set up and operate, can't be patched and can leverage human fallibility.

Epstein noted, though, that technology can be used to counter the human urge to just open an attachment.

“Modern systems go beyond the gateway, both preemptively (pre-gateway) and retroactively (post-gateway). Preemptively, modern systems are able to examine patterns in incoming email, and isolate attachments for deeper analysis in virtual environments before end-users have an opportunity to click,” he said.

The other major change seen by Proofpoint was the full implementation of business-targeted phishing campaigns, which was first noticed rising late in 2014, but blossomed during the first half of this year and continues to rise. The company noted that the number of phishing attempts had doubled between January and June of this year, while URL-type attacks were at about two-thirds of that level.

The schemes had three general themes - using social media by asking for invitations and connection requests; account warnings where the recipient would be told that low balance or account updates were needed; and order confirmation messages.

LinkedIn became a favorite avenue of approach with fake requests using it twice as often as other social media sites.

Leveraging the human weak point in a company's defenses meant the organization needed to work on its retroactive response.

“Spending should be directed towards modern technologies, which assume clicks will happen, and implement defensive targeted attack protection and threat response systems accordingly,” Epstein said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.